Lucene search
MitreCVE-2015-6932HistorySep 18, 2015 - 10:59 p.m.
CVE-2015-6932
2015-09-1822:59:09
CWE-310
mitre
web.nvd.nist.gov
38
vmware
vcenter
server
tls
ldap
certificate
verification
security
vulnerability
nvd
cve-2015-6932
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
5.9
Confidence
Low
EPSS
0.001
Percentile
29.4%
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Affected configurations
Node
vmwarevcenter_serverMatch5.5-
ORvmwarevcenter_serverMatch5.51
ORvmwarevcenter_serverMatch5.51a
ORvmwarevcenter_serverMatch5.51b
ORvmwarevcenter_serverMatch5.51c
ORvmwarevcenter_serverMatch5.52
ORvmwarevcenter_serverMatch5.52b
ORvmwarevcenter_serverMatch5.52d
ORvmwarevcenter_serverMatch5.52e
ORvmwarevcenter_serverMatch6.0-
ORvmwarevcenter_serverMatch6.0a
ORvmwarevcenter_serverMatch6.0b
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:-:*:*:*:*:*:* |
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:* |
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:1a:*:*:*:*:*:* |
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:1b:*:*:*:*:*:* |
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:1c:*:*:*:*:*:* |
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:* |
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:2b:*:*:*:*:*:* |
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:2d:*:*:*:*:*:* |
| vmware | vcenter_server | 5.5 | cpe:2.3:a:vmware:vcenter_server:5.5:2e:*:*:*:*:*:* |
| vmware | vcenter_server | 6.0 | cpe:2.3:a:vmware:vcenter_server:6.0:-:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2015-6932
2015-09-18 22:00:00
nessus
nessus
vmware
vmware
VMware vCenter Server updates address a LDAP certificate validation issue
2015-09-16 00:00:00
VMware vCenter Server updates address a LDAP certificate validation issue
2015-09-16 00:00:00
prion
prion
Design/Logic Flaw
2015-09-18 22:59:00
nvd
nvd
CVE-2015-6932
2015-09-18 22:59:09
kaspersky
kaspersky
KLA10665 Obtain sensitive information vulnerability in VMware vCenter Server
2015-09-16 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
5.9
Confidence
Low
EPSS
0.001
Percentile
29.4%
Related for CVE-2015-6932